Venminder’s 2022 State of Third-Party Risk Management Whitepaper Provides Insight Into How Organizations Are Managing Third-Party Risk

News Image

The survey results share how maturity within third-party risk management practices continue to evolve and, notably, improve.

Venminder, the industry recognized leader of third-party risk management solutions, has today released their annual “State of Third-Party Risk Management” whitepaper. The sixth annual whitepaper shares survey results that provide many with important insights into the current state of third-party risk management, as well as, the ability for third-party risk professionals to compare and benchmark their organizations’ processes against their peers.

The 2022 whitepaper covers how steadily maturing vendor risk management environments continue to be influenced and shaped by the ongoing and ever-changing pandemic. In particular, the need for robust and well-managed vendor risk was emphasized in a year marked by increases in data breaches and cybercrime. Among the many survey insights, vendor risk programs are still feeling the pressure of a lack of resources and being underfunded with most organizations continuing to move towards dedicated vendor risk management platforms to help automate processes and improve efficiency.

“The survey results share how maturity within third-party risk management practices continue to evolve and, notably, improve,” said James Hyde, CEO of Venminder. “The ever-changing nature of the COVID-19 pandemic has continued to drive heightened awareness and overall need for well-managed practices. The increase in cybercrime only has further emphasized the importance of ensuring that your data is protected, whether it’s in your hands or a vendor’s hands. This point holds true wherever it may be – whether companies work in remote, office or hybrid environments.”

Key findings from State of Third-Party Risk Management survey include:

  • The biggest challenges in third-party risk management were jointly ranked as “Having enough internal resources” (40%) and “Getting the right documents from vendors” (40%).
  • 69% are feeling more scrutiny from auditors and examiners.
  • 56% report using dedicated vendor management software.
  • 74% rated cybersecurity as a top concern, fourth-party risk also rated high at 54%, vendor business continuity rounded out the top three at 42% and other emerging risks included ESG (34%) and vendor financial health (27%).
  • 68% found that getting the line of business or vendor owner support is challenging, but manageable.
  • 65% said they had two or fewer dedicated employees, but 46% said they had more than 300 vendors – vendor risk management programs are still understaffed.
  • 60% reported that critical vendors make up 10% or less of their total vendor population, which is in line with best practices.
  • Of the organizations with ESG in scope, only 6% have defined and implemented processes. Some are currently defining and developing their program (7%) or are in early-stage implementation (9%). Still, 61% of respondents have no requirements (39%) or are unsure (22%).
  • 78% now report having a formal process in place that determines inherent and residual risk.
  • 73% said they’re reviewing their high-risk or critical vendors at least annually, which is the recommended minimum.
  • 72% updated their vendor management policy document within the last year.
  • 58% reported updates to their due diligence vendor risk questionnaire and evidence document requirements within the last year and 25% within 1-2 years.
  • 47% report that they are using a centralized model and 42% reported using a hybrid model (up from 34% in the previous year).

The full survey findings are free to download on Venminder’s website by clicking here.

About Venminder
Venminder offers a world-class SaaS platform that guides and streamlines third-party risk management. Venminder’s platform helps users collaborate on all things vendor-related and guides through critical processes such as oversight management, contract management, risk assessments, due diligence requirements, questionnaires, SLA management, vendor onboarding and more. Robust and configurable reporting can be generated from the tool to give clear visibility into the management and ongoing monitoring of third parties. Completed vendor risk assessments can be found in the Venminder Exchange and include thorough assessments of a vendor’s information security, SOC reports, contracts, financials, business continuity/disaster recovery and more. Venminder also powers Third Party ThinkTank, an online free community dedicated to third-party risk professionals. For more information, visit http://www.venminder.com.

Share article on social media or email: